lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+G9fYv4s0oE4w5ushnLwYrC4=fWh6uK2_umnU15o2bEZWZt2g@mail.gmail.com>
Date:   Sat, 20 Nov 2021 21:36:55 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Borislav Petkov <bp@...e.de>
Cc:     linux-kernel@...r.kernel.org, f.fainelli@...il.com,
        torvalds@...ux-foundation.org, patches@...nelci.org,
        lkft-triage@...ts.linaro.org, jonathanh@...dia.com,
        stable@...r.kernel.org, pavel@...x.de, akpm@...ux-foundation.org,
        shuah@...nel.org, linux@...ck-us.net,
        Daniel Díaz <daniel.diaz@...aro.org>,
        Ondrej Zary <linux@...y.sk>
Subject: Re: [PATCH 5.10 00/21] 5.10.81-rc1 review

+ Peter Zijlstra
+ Thomas Gleixner
+ Borislav Petkov
+ Ondrej Zary


On Sat, 20 Nov 2021 at 20:57, Daniel Díaz <daniel.diaz@...aro.org> wrote:
>
> Hello!
>
> On 11/19/21 11:37 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.10.81 release.
> > There are 21 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sun, 21 Nov 2021 17:14:35 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >       https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.81-rc1.gz
> > or in the git tree and branch at:
> >       git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> >
> > -------------
> > Pseudo-Shortlog of commits:
> >
> > Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> >      Linux 5.10.81-rc1
> [...]> Peter Zijlstra <peterz@...radead.org>
> >      x86/iopl: Fake iopl(3) CLI/STI usage

This is due to  ^ new kernel code + old test case (Test case needs to
be updated)

> [...]
>
> Results from Linaro's test farm.
> Regressions found on x86_64 and i386, on iopl. Here's an excerpt of the selftest:
>
>    [    0.000000] Linux version 5.10.81-rc1 (oe-user@...host) (x86_64-linaro-linux-gcc (GCC) 7.3.0, GNU ld (GNU Binutils) 2.30.0.20180208) #1 SMP Fri Nov 19 19:48:55 UTC 2021
> [...]
>    [  170.351838] traps: iopl_64[2769] attempts to use CLI/STI, pretending it's a NOP, ip:400dde in iopl_64[400000+2000]
> [...]
>    # selftests: x86: iopl_64
>    # [FAIL]     CLI worked
>    # [FAIL]     STI worked

This failure was detected on linux next and the later test case has been fixed.
The Following patch could fix this problem across 5.10, 5.14 and 5.15.

Patch details,
---
selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage

Commit in Fixes changed the iopl emulation to not #GP on CLI and STI
because it would break some insane luserspace tools which would toggle
interrupts.

The corresponding selftest would rely on the fact that executing CLI/STI
would trigger a #GP and thus detect it this way but since that #GP is
not happening anymore, the detection is now wrong too.

Extend the test to actually look at the IF flag and whether executing
those insns had any effect on it. The STI detection needs to have the
fact that interrupts were previously disabled, passed in so do that from
the previous CLI test, i.e., STI test needs to follow a previous CLI one
for it to make sense.

Fixes: b968e84b509d ("x86/iopl: Fake iopl(3) CLI/STI usage")
Suggested-by: Thomas Gleixner <tglx@...utronix.de>
Signed-off-by: Borislav Petkov <bp@...e.de>
Acked-by: Thomas Gleixner <tglx@...utronix.de>
Link: https://lore.kernel.org/r/20211030083939.13073-1-bp@alien8.de



>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0xed failed
>    #    child: set IOPL to 3
>    # [RUN]      child: write to 0x80
>    # [FAIL]     CLI worked
>    # [FAIL]     STI worked
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0xed failed
>    # [OK]       Child succeeded
>    # [RUN]      parent: write to 0x80 (should fail)
>    # [OK]       outb to 0x80 failed
>    # [OK]       CLI faulted
>    # [OK]       STI faulted
>    #    iopl(3)
>    #    Drop privileges
>    # [RUN]      iopl(3) unprivileged but with IOPL==3
>    # [RUN]      iopl(0) unprivileged
>    # [RUN]      iopl(3) unprivileged
>    # [OK]       Failed as expected
>    not ok 7 selftests: x86: iopl_64 # exit=1
>
> The baseline kernel (v5.10.80) exhibited this output:
>    # selftests: x86: iopl_64
>    # [OK]       CLI faulted
>    # [OK]       STI faulted
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0xed failed
>    #    child: set IOPL to 3
>    # [RUN]      child: write to 0x80
>    # [OK]       CLI faulted
>    # [OK]       STI faulted
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0x80 worked
>    # [OK]       outb to 0xed failed
>    # [OK]       Child succeeded
>    # [RUN]      parent: write to 0x80 (should fail)
>    # [OK]       outb to 0x80 failed
>    # [OK]       CLI faulted
>    # [OK]       STI faulted
>    #    iopl(3)
>    #    Drop privileges
>    # [RUN]      iopl(3) unprivileged but with IOPL==3
>    # [RUN]      iopl(0) unprivileged
>    # [RUN]      iopl(3) unprivileged
>    # [OK]       Failed as expected
>    ok 7 selftests: x86: iopl_64
>
>
> ## Build
> * kernel: 5.10.81-rc1
> * git: ['https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git', 'https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc']
> * git branch: linux-5.10.y
> * git commit: ed689bd1df46a07911fffa509cd06c5ec7beb9c1
> * git describe: v5.10.80-22-ged689bd1df46
> * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.80-22-ged689bd1df46
>
> ## Regressions (compared to v5.10.80)
> * i386, kselftest-x86
>    - x86.iopl_32
>
> * qemu_x86_64, kselftest-x86
>    - x86.iopl_64
>
> * x86, kselftest-x86
>    - x86.iopl_64
>
> Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
>
>
> ## No fixes (compared to v5.10.80)
>
> ## Test result summary
> total: 91125, pass: 77560, fail: 574, skip: 12243, xfail: 748
>
> ## Build Summary
> * arc: 10 total, 10 passed, 0 failed
> * arm: 259 total, 259 passed, 0 failed
> * arm64: 37 total, 37 passed, 0 failed
> * dragonboard-410c: 1 total, 1 passed, 0 failed
> * hi6220-hikey: 1 total, 1 passed, 0 failed
> * i386: 36 total, 36 passed, 0 failed
> * juno-r2: 1 total, 1 passed, 0 failed
> * mips: 34 total, 34 passed, 0 failed
> * parisc: 12 total, 12 passed, 0 failed
> * powerpc: 54 total, 46 passed, 8 failed
> * riscv: 24 total, 24 passed, 0 failed
> * s390: 18 total, 18 passed, 0 failed
> * sh: 24 total, 24 passed, 0 failed
> * sparc: 12 total, 12 passed, 0 failed
> * x15: 1 total, 1 passed, 0 failed
> * x86: 1 total, 1 passed, 0 failed
> * x86_64: 37 total, 37 passed, 0 failed
>
> ## Test suites summary
> * fwts
> * igt-gpu-tools
> * kselftest-android
> * kselftest-bpf
> * kselftest-breakpoints
> * kselftest-capabilities
> * kselftest-cgroup
> * kselftest-clone3
> * kselftest-core
> * kselftest-cpu-hotplug
> * kselftest-cpufreq
> * kselftest-drivers
> * kselftest-efivarfs
> * kselftest-filesystems
> * kselftest-firmware
> * kselftest-fpu
> * kselftest-futex
> * kselftest-gpio
> * kselftest-intel_pstate
> * kselftest-ipc
> * kselftest-ir
> * kselftest-kcmp
> * kselftest-kexec
> * kselftest-kvm
> * kselftest-lib
> * kselftest-livepatch
> * kselftest-membarrier
> * kselftest-memfd
> * kselftest-memory-hotplug
> * kselftest-mincore
> * kselftest-mount
> * kselftest-mqueue
> * kselftest-net
> * kselftest-netfilter
> * kselftest-nsfs
> * kselftest-openat2
> * kselftest-pid_namespace
> * kselftest-pidfd
> * kselftest-proc
> * kselftest-pstore
> * kselftest-ptrace
> * kselftest-rseq
> * kselftest-rtc
> * kselftest-seccomp
> * kselftest-sigaltstack
> * kselftest-size
> * kselftest-splice
> * kselftest-static_keys
> * kselftest-sync
> * kselftest-sysctl
> * kselftest-tc-testing
> * kselftest-timens
> * kselftest-timers
> * kselftest-tmpfs
> * kselftest-tpm2
> * kselftest-user
> * kselftest-vm
> * kselftest-x86
> * kselftest-zram
> * kunit
> * kvm-unit-tests
> * libgpiod
> * libhugetlbfs
> * linux-log-parser
> * ltp-cap_bounds-tests
> * ltp-commands-tests
> * ltp-containers-tests
> * ltp-controllers-tests
> * ltp-cpuhotplug-tests
> * ltp-crypto-tests
> * ltp-cve-tests
> * ltp-dio-tests
> * ltp-fcntl-locktests-tests
> * ltp-filecaps-tests
> * ltp-fs-tests
> * ltp-fs_bind-tests
> * ltp-fs_perms_simple-tests
> * ltp-fsx-tests
> * ltp-hugetlb-tests
> * ltp-io-tests
> * ltp-ipc-tests
> * ltp-math-tests
> * ltp-mm-tests
> * ltp-nptl-tests
> * ltp-open-posix-tests
> * ltp-pty-tests
> * ltp-sched-tests
> * ltp-securebits-tests
> * ltp-syscalls-tests
> * ltp-tracing-tests
> * network-basic-tests
> * packetdrill
> * perf
> * rcutorture
> * ssuite
> * v4l2-compliance
>
>
> Greetings!
>
> Daniel Díaz
> daniel.diaz@...aro.org
>
> --
> Linaro LKFT
> https://lkft.linaro.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ